2 * EFI Test Driver for Runtime Services
4 * Copyright(C) 2012-2016 Canonical Ltd.
6 * This driver exports EFI runtime services interfaces into userspace, which
7 * allow userspace to use and test the UEFI runtime services provided by firmware.
11 #include <linux/version.h>
12 #include <linux/miscdevice.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/proc_fs.h>
16 #include <linux/efi.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
/* Module metadata: author, one-line description and licence string. */
22 MODULE_AUTHOR("Ivan Hu <ivan.hu@canonical.com>");
23 MODULE_DESCRIPTION("EFI Test Driver");
24 MODULE_LICENSE("GPL");
27 * Count the bytes in 'str', including the terminating NUL.
29 * Note this function returns the number of *bytes*, not the number of
/*
 * Measure a UCS-2 string held in user memory by reading it one
 * efi_char16_t at a time with get_user(). The byte count starts at
 * sizeof(efi_char16_t) so that the terminator is included.
 *
 * NOTE(review): the length is measured in one pass over user memory and
 * the callers in this file (copy_ucs2_from_user(),
 * efi_runtime_get_nextvariablename()) copy the string in a second pass.
 * Userspace can rewrite the string between the two passes, so the kernel
 * copy is not guaranteed to contain a terminator within the measured
 * length. Writing the terminator into the kernel copy after the copy would
 * remove that dependency.
 * Several lines of this body are missing from the listing.
 */
32 static inline size_t user_ucs2_strsize(efi_char16_t __user *str)
/* NOTE(review): this initialiser drops the __user annotation carried by 'str'. */
34 efi_char16_t *s = str, c;
40 /* Include terminating NULL */
41 len = sizeof(efi_char16_t);
/* First character is fetched before the counting step below. */
43 if (get_user(c, s++)) {
44 /* Can't read userspace memory for size */
49 if (get_user(c, s++)) {
50 /* Can't read userspace memory for size */
/* One more character seen: grow the byte count by one UCS-2 unit. */
53 len += sizeof(efi_char16_t);
59 * Allocate a buffer and copy a ucs2 string from user space into it.
/*
 * Allocate 'len' bytes with kmalloc() and fill them from 'src' with
 * copy_from_user().
 *
 * 'len' is chosen by the caller. In efi_runtime_get_nextvariablename() it
 * can be a size that userspace supplied, and no upper bound is applied in
 * the visible lines, so the allocation size is effectively user-controlled.
 * Nothing visible here checks that the copied data ends in a UCS-2
 * terminator.
 * NOTE(review): the assignment of *dst and the error paths are not shown
 * in this listing.
 */
62 copy_ucs2_from_user_len(efi_char16_t **dst, efi_char16_t __user *src,
/* Probes a single byte only; copy_from_user() below checks the whole range. */
72 if (!access_ok(VERIFY_READ, src, 1))
75 buf = kmalloc(len, GFP_KERNEL);
82 if (copy_from_user(*dst, src, len)) {
91 * Count the bytes in 'str', including the terminating NUL.
93 * Just a wrapper around user_ucs2_strsize
/*
 * Store the byte size of the user-space UCS-2 string 'src' (terminator
 * included) in *len, as computed by user_ucs2_strsize().
 *
 * The value describes the string at the moment it was walked; a caller
 * that copies the string afterwards is reading user memory a second time
 * and should not assume the contents are unchanged.
 * NOTE(review): return statements are not shown in this listing.
 */
96 get_ucs2_strsize_from_user(efi_char16_t __user *src, size_t *len)
/* Probes a single byte only; user_ucs2_strsize() reads via get_user(). */
98 if (!access_ok(VERIFY_READ, src, 1))
101 *len = user_ucs2_strsize(src);
109 * Calculate the required buffer allocation size and copy a ucs2 string
110 * from user space into it.
112 * This function differs from copy_ucs2_from_user_len() because it
113 * calculates the size of the buffer to allocate by taking the length of
116 * If a non-zero value is returned, the caller MUST NOT access 'dst'.
118 * It is the caller's responsibility to free 'dst'.
/*
 * Measure the user-space string 'src' with user_ucs2_strsize() and then
 * copy that many bytes into a newly allocated buffer through
 * copy_ucs2_from_user_len().
 *
 * NOTE(review): measuring and copying are two separate reads of user
 * memory. If userspace changes the string in between, the copy may lack a
 * terminator, and the result is later handed to firmware as a
 * NUL-terminated name. Forcing the last efi_char16_t of the kernel copy to
 * zero would make the buffer safe regardless.
 * Handling of a failed size computation is not shown in this listing.
 */
121 copy_ucs2_from_user(efi_char16_t **dst, efi_char16_t __user *src)
125 if (!access_ok(VERIFY_READ, src, 1))
/* First read of user memory: length only. */
128 len = user_ucs2_strsize(src);
/* Second read of user memory: the actual copy, 'len' bytes. */
131 return copy_ucs2_from_user_len(dst, src, len);
135 * Copy a ucs2 string to a user buffer.
137 * This function is a simple wrapper around copy_to_user() that does
138 * nothing if 'src' is NULL, which is useful for reducing the amount of
139 * NULL checking the caller has to do.
141 * 'len' specifies the number of bytes to copy.
/*
 * Copy 'len' bytes from the kernel buffer 'src' to the user buffer 'dst'.
 *
 * The result of copy_to_user() is returned unchanged, i.e. the number of
 * bytes that could not be copied, 0 on success.
 * 'len' is trusted: the caller must make sure 'src' really holds at least
 * 'len' bytes, otherwise adjacent kernel memory would be copied out.
 * NOTE(review): the NULL check on 'src' is not shown in this listing.
 */
144 copy_ucs2_to_user_len(efi_char16_t __user *dst, efi_char16_t *src, size_t len)
/* Probes a single byte only; copy_to_user() below checks the whole range. */
149 if (!access_ok(VERIFY_WRITE, dst, 1))
152 return copy_to_user(dst, src, len);
/*
 * ioctl handler for GetVariable: copy the request structure and its
 * optional name, GUID and data size from userspace, call
 * efi.get_variable(), then write the status, data, attributes and data
 * size back.
 *
 * Every pointer inside 'getvariable' is a user pointer and is only touched
 * through copy_from_user()/get_user()/put_user()/copy_to_user().
 * NOTE(review): many lines (braces, error returns, frees) are missing
 * from this listing.
 */
155 static long efi_runtime_get_variable(unsigned long arg)
157 struct efi_getvariable __user *getvariable_user;
158 struct efi_getvariable getvariable;
159 unsigned long datasize, prev_datasize, *dz;
160 efi_guid_t vendor_guid, *vd = NULL;
162 efi_char16_t *name = NULL;
167 getvariable_user = (struct efi_getvariable __user *)arg;
169 if (copy_from_user(&getvariable, getvariable_user,
170 sizeof(getvariable)))
/* 'datasize' is only assigned when userspace passed a data_size pointer. */
172 if (getvariable.data_size &&
173 get_user(datasize, getvariable.data_size))
175 if (getvariable.vendor_guid) {
176 if (copy_from_user(&vendor_guid, getvariable.vendor_guid,
177 sizeof(vendor_guid)))
182 if (getvariable.variable_name) {
183 rv = copy_ucs2_from_user(&name, getvariable.variable_name);
/* Pass NULL to firmware for every output the caller did not ask for. */
188 at = getvariable.attributes ? &attr : NULL;
189 dz = getvariable.data_size ? &datasize : NULL;
191 if (getvariable.data_size && getvariable.data) {
/*
 * Allocation size comes straight from userspace; no upper bound is
 * visible. kmalloc() does not zero the buffer, so any byte firmware
 * leaves unwritten would reach userspace unchanged in the copy below.
 */
192 data = kmalloc(datasize, GFP_KERNEL);
/*
 * Remember the size of the allocation before firmware overwrites
 * 'datasize' through 'dz'.
 * NOTE(review): when data_size is NULL, 'datasize' does not appear to be
 * assigned before this read; confirm against the full source.
 */
199 prev_datasize = datasize;
200 status = efi.get_variable(name, vd, at, dz, data);
203 if (put_user(status, getvariable.status)) {
208 if (status != EFI_SUCCESS) {
/* On EFI_BUFFER_TOO_SMALL the size reported by firmware is returned. */
209 if (status == EFI_BUFFER_TOO_SMALL) {
210 if (dz && put_user(datasize, getvariable.data_size)) {
/*
 * Firmware reported more bytes than were allocated: checked before the
 * copy_to_user() below so that it cannot read past 'data'.
 */
219 if (prev_datasize < datasize) {
225 if (copy_to_user(getvariable.data, data, datasize)) {
231 if (at && put_user(attr, getvariable.attributes)) {
236 if (dz && put_user(datasize, getvariable.data_size))
/*
 * ioctl handler for SetVariable: copy the request, GUID, name and payload
 * from userspace and pass them to efi.set_variable().
 *
 * This path lets the caller write firmware variables, so who may open the
 * device node matters; no permission check is visible in this handler.
 * NOTE(review): many lines (braces, error returns, frees) are missing
 * from this listing.
 */
245 static long efi_runtime_set_variable(unsigned long arg)
247 struct efi_setvariable __user *setvariable_user;
248 struct efi_setvariable setvariable;
249 efi_guid_t vendor_guid;
251 efi_char16_t *name = NULL;
255 setvariable_user = (struct efi_setvariable __user *)arg;
257 if (copy_from_user(&setvariable, setvariable_user, sizeof(setvariable)))
/* Unlike the get path, the GUID is copied without a NULL test first. */
259 if (copy_from_user(&vendor_guid, setvariable.vendor_guid,
260 sizeof(vendor_guid)))
263 if (setvariable.variable_name) {
264 rv = copy_ucs2_from_user(&name, setvariable.variable_name);
/*
 * data_size is taken from the user-supplied structure and is not bounded
 * in the visible lines, so the allocation size is user-controlled.
 */
269 data = kmalloc(setvariable.data_size, GFP_KERNEL);
274 if (copy_from_user(data, setvariable.data, setvariable.data_size)) {
/* Attributes are forwarded to firmware exactly as userspace gave them. */
279 status = efi.set_variable(name, &vendor_guid,
280 setvariable.attributes,
281 setvariable.data_size, data);
283 if (put_user(status, setvariable.status)) {
/* Any firmware status other than EFI_SUCCESS is reported as -EINVAL. */
288 rv = status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler for GetTime: call efi.get_time() with kernel-side
 * 'efi_time' and 'cap' objects, then copy the status, the capabilities
 * fields and the time structure back to userspace.
 *
 * NOTE(review): declarations of 'efi_time' and 'cap', braces and return
 * statements are missing from this listing.
 */
297 static long efi_runtime_get_time(unsigned long arg)
299 struct efi_gettime __user *gettime_user;
300 struct efi_gettime gettime;
305 gettime_user = (struct efi_gettime __user *)arg;
306 if (copy_from_user(&gettime, gettime_user, sizeof(gettime)))
/* Firmware receives NULL for each output the caller left unset. */
309 status = efi.get_time(gettime.time ? &efi_time : NULL,
310 gettime.capabilities ? &cap : NULL);
312 if (put_user(status, gettime.status))
315 if (status != EFI_SUCCESS)
318 if (gettime.capabilities) {
319 efi_time_cap_t __user *cap_local;
/* NOTE(review): the cast below omits __user although the target is a user pointer. */
321 cap_local = (efi_time_cap_t *)gettime.capabilities;
/* Written back field by field rather than as one structure copy. */
322 if (put_user(cap.resolution, &(cap_local->resolution)) ||
323 put_user(cap.accuracy, &(cap_local->accuracy)) ||
324 put_user(cap.sets_to_zero, &(cap_local->sets_to_zero)))
/*
 * NOTE(review): whether this copy is guarded by a gettime.time test is
 * not visible here; 'efi_time' is only filled when that pointer was set.
 */
328 if (copy_to_user(gettime.time, &efi_time, sizeof(efi_time_t)))
/*
 * ioctl handler for SetTime: copy the request and the time structure from
 * userspace, call efi.set_time() and write the firmware status back.
 *
 * The time value is handed to firmware without any validation in the
 * visible lines; no permission check is visible in this handler either.
 * NOTE(review): some lines are missing from this listing.
 */
335 static long efi_runtime_set_time(unsigned long arg)
337 struct efi_settime __user *settime_user;
338 struct efi_settime settime;
342 settime_user = (struct efi_settime __user *)arg;
343 if (copy_from_user(&settime, settime_user, sizeof(settime)))
345 if (copy_from_user(&efi_time, settime.time,
348 status = efi.set_time(&efi_time);
350 if (put_user(status, settime.status))
/* Any firmware status other than EFI_SUCCESS is reported as -EINVAL. */
353 return status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler for GetWakeupTime: call efi.get_wakeup_time() with
 * kernel-side outputs and copy the status, the 'enabled' flag and the
 * time structure back to userspace.
 *
 * NOTE(review): 'pending' is requested from firmware, but no write-back
 * of it to getwakeuptime.pending appears in the visible lines; confirm
 * against the full source.
 * Some lines are missing from this listing.
 */
356 static long efi_runtime_get_waketime(unsigned long arg)
358 struct efi_getwakeuptime __user *getwakeuptime_user;
359 struct efi_getwakeuptime getwakeuptime;
360 efi_bool_t enabled, pending;
364 getwakeuptime_user = (struct efi_getwakeuptime __user *)arg;
365 if (copy_from_user(&getwakeuptime, getwakeuptime_user,
366 sizeof(getwakeuptime)))
/* Firmware receives NULL for each output the caller left unset. */
369 status = efi.get_wakeup_time(
370 getwakeuptime.enabled ? (efi_bool_t *)&enabled : NULL,
371 getwakeuptime.pending ? (efi_bool_t *)&pending : NULL,
372 getwakeuptime.time ? &efi_time : NULL);
374 if (put_user(status, getwakeuptime.status))
377 if (status != EFI_SUCCESS)
380 if (getwakeuptime.enabled && put_user(enabled,
381 getwakeuptime.enabled))
384 if (getwakeuptime.time) {
385 if (copy_to_user(getwakeuptime.time, &efi_time,
/*
 * ioctl handler for SetWakeupTime: copy the request and, when a time
 * pointer is given, the time structure from userspace, then call
 * efi.set_wakeup_time() and write the firmware status back.
 *
 * No permission check is visible in this handler.
 * NOTE(review): some lines are missing from this listing.
 */
393 static long efi_runtime_set_waketime(unsigned long arg)
395 struct efi_setwakeuptime __user *setwakeuptime_user;
396 struct efi_setwakeuptime setwakeuptime;
401 setwakeuptime_user = (struct efi_setwakeuptime __user *)arg;
403 if (copy_from_user(&setwakeuptime, setwakeuptime_user,
404 sizeof(setwakeuptime)))
407 enabled = setwakeuptime.enabled;
408 if (setwakeuptime.time) {
409 if (copy_from_user(&efi_time, setwakeuptime.time,
413 status = efi.set_wakeup_time(enabled, &efi_time);
/* No time supplied: firmware is called with a NULL time pointer. */
415 status = efi.set_wakeup_time(enabled, NULL);
417 if (put_user(status, setwakeuptime.status))
/* Any firmware status other than EFI_SUCCESS is reported as -EINVAL. */
420 return status == EFI_SUCCESS ? 0 : -EINVAL;
/*
 * ioctl handler for GetNextVariableName: copy the request, the name
 * buffer size, the GUID and the current name from userspace, call
 * efi.get_next_variable(), then write the status, name, name size and
 * GUID back.
 *
 * NOTE(review): many lines (braces, the assignments of 'ns' and 'vd',
 * error returns, frees) are missing from this listing.
 */
423 static long efi_runtime_get_nextvariablename(unsigned long arg)
425 struct efi_getnextvariablename __user *getnextvariablename_user;
426 struct efi_getnextvariablename getnextvariablename;
427 unsigned long name_size, prev_name_size = 0, *ns = NULL;
429 efi_guid_t *vd = NULL;
430 efi_guid_t vendor_guid;
431 efi_char16_t *name = NULL;
434 getnextvariablename_user = (struct efi_getnextvariablename __user *)arg;
436 if (copy_from_user(&getnextvariablename, getnextvariablename_user,
437 sizeof(getnextvariablename)))
440 if (getnextvariablename.variable_name_size) {
/* Buffer size as claimed by userspace; kept so it survives the firmware call. */
441 if (get_user(name_size, getnextvariablename.variable_name_size))
444 prev_name_size = name_size;
447 if (getnextvariablename.vendor_guid) {
448 if (copy_from_user(&vendor_guid,
449 getnextvariablename.vendor_guid,
450 sizeof(vendor_guid)))
455 if (getnextvariablename.variable_name) {
456 size_t name_string_size = 0;
/* First read of the user string: length only. */
458 rv = get_ucs2_strsize_from_user(
459 getnextvariablename.variable_name,
464 * The name_size may be smaller than the real buffer size where
465 * variable name located in some use cases. The most typical
466 * case is passing a 0 to get the required buffer size for the
467 * 1st time call. So we need to copy the content from user
468 * space for at least the string size of variable name, or else
469 * the name passed to UEFI may not be terminated as we expected.
/*
 * Second read of the user string. The length is the larger of the
 * user-claimed buffer size and the measured string size, so it is
 * user-controlled and unbounded in the visible lines.
 * NOTE(review): the string can change between the two reads; the kernel
 * copy is not re-checked for a terminator before it goes to firmware.
 */
471 rv = copy_ucs2_from_user_len(&name,
472 getnextvariablename.variable_name,
473 prev_name_size > name_string_size ?
474 prev_name_size : name_string_size);
479 status = efi.get_next_variable(ns, name, vd);
481 if (put_user(status, getnextvariablename.status)) {
486 if (status != EFI_SUCCESS) {
/* On EFI_BUFFER_TOO_SMALL the size reported by firmware is returned. */
487 if (status == EFI_BUFFER_TOO_SMALL) {
488 if (ns && put_user(*ns,
489 getnextvariablename.variable_name_size)) {
/*
 * Copies back prev_name_size bytes. 'name' was allocated with at least
 * that many bytes and filled completely from userspace above, so this
 * stays inside the allocation.
 */
499 if (copy_ucs2_to_user_len(getnextvariablename.variable_name,
500 name, prev_name_size)) {
507 if (put_user(*ns, getnextvariablename.variable_name_size)) {
514 if (copy_to_user(getnextvariablename.vendor_guid, vd,
/*
 * ioctl handler for GetNextHighMonotonicCount: call
 * efi.get_next_high_mono_count() and copy the status and the count back
 * to userspace.
 *
 * NOTE(review): the declaration of 'count' and the return statements are
 * missing from this listing.
 */
524 static long efi_runtime_get_nexthighmonocount(unsigned long arg)
526 struct efi_getnexthighmonotoniccount __user *getnexthighmonocount_user;
527 struct efi_getnexthighmonotoniccount getnexthighmonocount;
531 getnexthighmonocount_user = (struct
532 efi_getnexthighmonotoniccount __user *)arg;
534 if (copy_from_user(&getnexthighmonocount,
535 getnexthighmonocount_user,
536 sizeof(getnexthighmonocount)))
/* Firmware receives NULL when the caller gave no place for the count. */
539 status = efi.get_next_high_mono_count(
540 getnexthighmonocount.high_count ? &count : NULL);
542 if (put_user(status, getnexthighmonocount.status))
545 if (status != EFI_SUCCESS)
548 if (getnexthighmonocount.high_count &&
549 put_user(count, getnexthighmonocount.high_count))
/*
 * ioctl handler for QueryVariableInfo: call efi.query_variable_info()
 * with the attributes given by userspace and copy the status and the
 * three size values back.
 *
 * The three outputs are written without a NULL test; put_user() fails if
 * userspace passed an unusable pointer for any of them.
 * NOTE(review): return statements are missing from this listing.
 */
555 static long efi_runtime_query_variableinfo(unsigned long arg)
557 struct efi_queryvariableinfo __user *queryvariableinfo_user;
558 struct efi_queryvariableinfo queryvariableinfo;
560 u64 max_storage, remaining, max_size;
562 queryvariableinfo_user = (struct efi_queryvariableinfo __user *)arg;
564 if (copy_from_user(&queryvariableinfo, queryvariableinfo_user,
565 sizeof(queryvariableinfo)))
568 status = efi.query_variable_info(queryvariableinfo.attributes,
569 &max_storage, &remaining, &max_size);
571 if (put_user(status, queryvariableinfo.status))
574 if (status != EFI_SUCCESS)
577 if (put_user(max_storage,
578 queryvariableinfo.maximum_variable_storage_size))
581 if (put_user(remaining,
582 queryvariableinfo.remaining_variable_storage_size))
585 if (put_user(max_size, queryvariableinfo.maximum_variable_size))
/*
 * ioctl handler for QueryCapsuleCapabilities: copy capsule_count capsule
 * headers from userspace into a kernel array, call
 * efi.query_capsule_caps(), then copy the status, maximum capsule size
 * and reset type back.
 *
 * NOTE(review): many lines (braces, error returns, frees, some
 * declarations) are missing from this listing.
 */
591 static long efi_runtime_query_capsulecaps(unsigned long arg)
593 struct efi_querycapsulecapabilities __user *qcaps_user;
594 struct efi_querycapsulecapabilities qcaps;
595 efi_capsule_header_t *capsules;
601 qcaps_user = (struct efi_querycapsulecapabilities __user *)arg;
603 if (copy_from_user(&qcaps, qcaps_user, sizeof(qcaps)))
/*
 * capsule_count comes from userspace and no range check is visible before
 * this allocation. NOTE(review): if the field holds the maximum value of
 * its type, 'capsule_count + 1' wraps to 0 while the loop below still runs
 * capsule_count times and writes capsules[i]; reject that value before
 * adding 1. The field's type is not visible here; confirm.
 */
606 capsules = kcalloc(qcaps.capsule_count + 1,
607 sizeof(efi_capsule_header_t), GFP_KERNEL);
611 for (i = 0; i < qcaps.capsule_count; i++) {
612 efi_capsule_header_t *c;
614 * We cannot dereference qcaps.capsule_header_array directly to
615 * obtain the address of the capsule as it resides in the
/* Fetch the i-th user pointer, then copy the header it points at. */
618 if (get_user(c, qcaps.capsule_header_array + i)) {
622 if (copy_from_user(&capsules[i], c,
623 sizeof(efi_capsule_header_t))) {
/*
 * NOTE(review): '&capsules' is the address of one local pointer. If
 * firmware treats the argument as an array of capsule_count header
 * pointers, every entry after the first would be read from memory next to
 * 'capsules' rather than from the copied headers; confirm the intended
 * layout.
 */
629 qcaps.capsule_header_array = &capsules;
631 status = efi.query_capsule_caps((efi_capsule_header_t **)
632 qcaps.capsule_header_array,
634 &max_size, &reset_type);
636 if (put_user(status, qcaps.status)) {
641 if (status != EFI_SUCCESS) {
646 if (put_user(max_size, qcaps.maximum_capsule_size)) {
651 if (put_user(reset_type, qcaps.reset_type))
/*
 * ioctl entry point: dispatch on 'cmd' to the matching runtime-service
 * handler and return its result. 'arg' is forwarded untouched; each
 * handler treats it as a user pointer to its own request structure.
 *
 * No capability or permission check is visible here, so access to the
 * runtime services (including the set_variable, set_time and
 * set_wakeup_time paths) is only as restricted as the device node itself.
 * NOTE(review): the switch statement, its default case and the rest of
 * the parameter list are missing from this listing.
 */
659 static long efi_test_ioctl(struct file *file, unsigned int cmd,
663 case EFI_RUNTIME_GET_VARIABLE:
664 return efi_runtime_get_variable(arg);
666 case EFI_RUNTIME_SET_VARIABLE:
667 return efi_runtime_set_variable(arg);
669 case EFI_RUNTIME_GET_TIME:
670 return efi_runtime_get_time(arg);
672 case EFI_RUNTIME_SET_TIME:
673 return efi_runtime_set_time(arg);
675 case EFI_RUNTIME_GET_WAKETIME:
676 return efi_runtime_get_waketime(arg);
678 case EFI_RUNTIME_SET_WAKETIME:
679 return efi_runtime_set_waketime(arg);
681 case EFI_RUNTIME_GET_NEXTVARIABLENAME:
682 return efi_runtime_get_nextvariablename(arg);
684 case EFI_RUNTIME_GET_NEXTHIGHMONOTONICCOUNT:
685 return efi_runtime_get_nexthighmonocount(arg);
687 case EFI_RUNTIME_QUERY_VARIABLEINFO:
688 return efi_runtime_query_variableinfo(arg);
690 case EFI_RUNTIME_QUERY_CAPSULECAPABILITIES:
691 return efi_runtime_query_capsulecaps(arg);
/*
 * open() handler for the test device.
 *
 * NOTE(review): no privilege check (for example a capable() test) appears
 * in the visible lines, so any process allowed to open the device node
 * can reach the ioctl handlers. The per-call synchronisation mentioned in
 * the original comment is not visible in this file; presumably it lives in
 * the efi.* runtime wrappers. Confirm.
 */
697 static int efi_test_open(struct inode *inode, struct file *file)
700 * nothing special to do here
701 * We do accept multiple open files at the same time as we
702 * synchronize on the per call operation.
/* release() handler for the test device; its body is not shown in this listing. */
707 static int efi_test_close(struct inode *inode, struct file *file)
713 * The various file operations we support.
/*
 * File operations of the test device: ioctl, open and release.
 * NOTE(review): no compat_ioctl entry appears in the visible lines; the
 * end of the initialiser is missing from this listing.
 */
715 static const struct file_operations efi_test_fops = {
716 .owner = THIS_MODULE,
717 .unlocked_ioctl = efi_test_ioctl,
718 .open = efi_test_open,
719 .release = efi_test_close,
/*
 * Misc device object passed to misc_register()/misc_deregister() below.
 * Its fields (minor, name, fops) are not shown in this listing. As far as
 * this file shows, the permissions of the resulting device node are the
 * only access control in front of the ioctl handlers.
 */
723 static struct miscdevice efi_test_dev = {
/*
 * Module init: register the misc device and log an error when
 * registration fails.
 * NOTE(review): the failure test and the return statements are missing
 * from this listing.
 */
729 static int __init efi_test_init(void)
733 ret = misc_register(&efi_test_dev);
735 pr_err("efi_test: can't misc_register on minor=%d\n",
/* Module exit: remove the misc device registered by efi_test_init(). */
743 static void __exit efi_test_exit(void)
745 misc_deregister(&efi_test_dev);
/* Hook the init and exit functions into module load and unload. */
748 module_init(efi_test_init);
749 module_exit(efi_test_exit);